Ransomware attack on property management company

October 5, 2021

Ransomware attack on property management company

Client
A large property management company developing offices and apartment blocks in Central & Eastern Europe.

Situation
A ransomware application made its way in through an out-of-date fileserver that should have been updated. The attack also eliminated all of the backups making a system restoration impossible.

Action
CNS Risk conducted a Health Check and reviewed policies and procedures. We also recommended conducting monitoring and a review of O/365 and Azure rules as well as endpoint monitoring.

Results
CNS Risk were able to show that the access was through the obsolete file server that the client’s 3rd party IT company should have updated years earlier; and also, argued that paying the ransom was not likely to restore the companies systems without continuing the attack. The company re-built the systems from data fragments, replaced the compromised server and instituted new policies.

Duration
2 weeks

Resources Employed
One lead investigator and our cyber team (scanning the dark web for published data on the ransom, and the particular victim).